Last January I decided I was going to start PWB roughly in April (this year) so I decided to try and get some experience in developing exploits to try and get me up to speed before starting the course.

When I started the course in April, I realised that I'd already done probably about 80% of the course material on my own for several years and felt that I was at an advantage on the course material, but the lab time is really where the course pays for itself.

With the exploit development module, try to make sure that you know before hand about the CPU registers on the x86 architecture before you start the course and even try developing some exploits.

I already went through the first couple of exploit development guides at corelan, and have exploited a number of targets(Including freefloat). So I'm pretty up to speed on buffer overflows(No SEH/Stack cookie exploiting so far though)

A point I forgot to mention, have you ever looked at the De-ICE.net pentest live cd's before?

Hopefully they will help you on your way to getting the correct mindset, but also have a look at some methodologies as well such as the OSSTMM or ISSAF. They are pretty boring to read, but they will make sure you don't miss anything during a pentest.

You'll get ideas on the content of the course there and possibly begin researching based on that.

I would agree 100%. Just be ready to learn everything they teach you and more. The only thing you can do to prepare is open up Backtrack and take a look at every tool that is there. Get familiar with most of the tools and look over the PDF. Also, figure out the best way for you to take notes. I never knew how important the note taking process would be in a pentest till I took that course. Lastly, prepare the family. You might be missing sleep some nights. My 2 cents. Oh yeah, and have fun!

Hey I am kinda new to Info Sec. I wanted to know if I might be good to start the OSCP course. I have strong knowledge of tcp/ip, my linux skills are still at a beginner level but not to bad. I have been playing around with Backtrack and metasploit intensely for about a year now. What do you guys think should I be ok?

th3d0ct0r wrote:Hey I am kinda new to Info Sec. I wanted to know if I might be good to start the OSCP course. I have strong knowledge of tcp/ip, my linux skills are still at a beginner level but not to bad. I have been playing around with Backtrack and metasploit intensely for about a year now. What do you guys think should I be ok?

You might want to beef up your Linux skills and learn a bit of Python first. You can always purchase more lab time if you feel like you need it, and you can schedule the test whenever you're ready. There's really no harm in starting the course when you feel like you're close to being where you need to be, even if you may not be prepared for everything.

You can ALMOST survive on what they give you, but you WILL need to do outside research on some things, in order to 'pop' some of the targets, both in the lab, and in the exam. That said, though, they give you enough info to pretty much guide you where to FIND what you need, in the wild.

But one thing that makes it very realistic training, is that just like in a real-world pentest, you will run into things you don't know, and have to do some research on your own. That's one BIG reason I like the way Offensive Security puts their stuff together. It prepares you, not only to pass a certification exam, but for what to expect, in the real world.

~ hayabusa ~

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'